-
April 2nd, 2005, 03:01 AM
#1
Junior Member
Creating an IDS
A friend and I are thinking of creating a small IDS (a university exercise).
We will start with some TCP/IP books. But atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
Your forum is really nice, very useful.
thx
[I hope this is the correct forum and not "IDS & Scanner Discussions"]
-
April 2nd, 2005, 05:39 AM
#2
Member
Re: Creating an IDS
Originally posted here by JJX
A friend and I are thinking of creating a small IDS (a university exercise).
We will start with some TCP/IP books. But atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
Your forum is really nice, very useful.
thx
[I hope this is the correct forum and not "IDS & Scanner Discussions"]
You can check out the RFCs for TCP/IP. Then you can download Snort and study the C source code... you might learn a thing or two.
-
April 2nd, 2005, 10:15 AM
#3
Junior Member
Yep, we will take a look at Snort, but we are looking for a book with basic IDS stuff.
-
April 2nd, 2005, 12:01 PM
#4
Member
Originally posted here by JJX
Yep, we will take a look at Snort, but we are looking for a book with basic IDS stuff.
Well, I thought you were going to create an IDS. If you want to know the basics of IDS, there is a lot on the net... but if you want to know how an IDS is created, then get Snort and look at its source.
-
April 2nd, 2005, 12:10 PM
#5
Would you like the world's fastest and cheapest IDS?
1) Throw a box in your DMZ.
2) Add firewall ACLs that don't allow internal hosts to hit it.
3) Add firewall ACLs that don't allow external hosts to hit it.
4) Now, add *any* program you like that can see port scan activity. There are hundreds that I can think of other than snort that are free. Hell, you can even use a sniffer for this if you're really hard up.
Done.
Now, when Mr. leet haxor breaks into one of your other hosts in the DMZ, what do you think the first thing he will do if he doesn't have knowledge of your network layout? Yep. Scan for other targets. In doing so he has just announced to you that he has compromised your network and you get to reel him in. Many a dead haxor hang on my shelf using this simple yet effective technique.
--TH13
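The tripwire-box idea from post #5, sketched as an added example that is not part of the original thread: because the ACLs leave the box with no legitimate clients, any packet addressed to it is an alert, and several distinct ports from one source in a short window is a scan. The addresses, threshold, window and event tuple format are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values for illustration; none of them come from the thread.
DMZ_NET = ip_network("192.0.2.0/24")
DECOY = ip_address("192.0.2.50")
WINDOW_SECONDS = 10        # sliding window for counting ports
SCAN_PORT_THRESHOLD = 5    # distinct decoy ports in the window => scan

def detect(events):
    """events: time-ordered (timestamp, src, dst, dst_port) tuples.
    Returns a list of (timestamp, src, kind) alerts."""
    recent = defaultdict(deque)  # src -> (timestamp, port) hits on the decoy
    contacted, scanning, alerts = set(), set(), []
    for ts, src, dst, port in events:
        if ip_address(dst) != DECOY:
            continue  # the decoy has no legitimate clients; ignore the rest
        if src not in contacted:
            contacted.add(src)
            # ACLs (steps 2 and 3) should leave only DMZ hosts able to reach
            # the decoy, so any other source means the ACLs have a gap.
            inside = ip_address(src) in DMZ_NET
            kind = "decoy-contact-dmz" if inside else "decoy-contact-acl-gap"
            alerts.append((ts, src, kind))
        hits = recent[src]
        hits.append((ts, port))
        while ts - hits[0][0] > WINDOW_SECONDS:
            hits.popleft()  # drop hits that fell out of the window
        ports = {p for _, p in hits}
        if src not in scanning and len(ports) >= SCAN_PORT_THRESHOLD:
            scanning.add(src)
            alerts.append((ts, src, "port-scan"))
    return alerts

# Constructed sample records, e.g. parsed from a sniffer on the decoy.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", "192.0.2.20", 443),    # DMZ host to DMZ host
    (1.0, "192.0.2.10", "192.0.2.50", 22),
    (1.2, "192.0.2.10", "192.0.2.50", 23),
    (1.4, "192.0.2.10", "192.0.2.50", 80),
    (1.6, "192.0.2.10", "192.0.2.50", 443),
    (1.8, "192.0.2.10", "192.0.2.50", 3389),
    (30.0, "198.51.100.7", "192.0.2.50", 80),  # from outside the DMZ
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A scan slower than the window never reaches the port threshold, but its first packet still raises the contact alert, so the decoy approach does not depend on tuning the threshold well.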
-
April 2nd, 2005, 01:18 PM
#6
Junior Member
We want to implement a simple C++/Java IDS.
C++ will do the packet sniffing, and according to some rules it will detect attempts (real or false).
atm it is just an idea...
-
April 2nd, 2005, 09:19 PM
#7
Check out Python, you might be able to knock something up quickly in that as a working prototype - have a look at this -
http://www.antionline.com/showthrea...threadid=249001
It's a tut on how to make a honeypot, but I'm sure you could twist how it works and create a simple IDS??
i2c
Accidentally posted this elsewhere this morning when I was in a rush, not sure how much help it will actually be...
Check this too - http://www.antionline.com/showthread...hreadid=266442
-
April 2nd, 2005, 09:28 PM
#8
Decent tutorial on building a Fedora Core 3 system, installing MySQL, Snort, BASE, et al. to build a solid IDS. His site looks like ****, but the PDF has some good info for the beginner to build an IDS, so it's worth a look.
-
April 4th, 2005, 12:27 AM
#9
Junior Member
ok, thx for the links
thx all
-
April 4th, 2005, 11:48 AM
#10
Re: Creating an IDS
Originally posted here by JJX
We will start with some TCP/IP books. But atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
I can highly recommend TCP/IP Illustrated, Volume 1 and Network Intrusion Detection, 3rd edition.